OAuth Overview

What is OAuth?

OAuth is an open standard for access delegation, commonly used as a way to grant websites or applications limited access to their users' information without exposing passwords. OAuth allows third-party services to exchange and access data securely.

OAuth is widely used for token-based authentication and authorization, enabling various types of applications to communicate securely.

Types of OAuth Flows

  • Authorization Code Flow: Used for server-side applications where the client can securely store a client secret.
  • Client Credentials Flow: Used for server-to-server communication where no user context is required.
  • Implicit Flow: Used for client-side applications (e.g., SPAs) where the client secret cannot be stored securely.
  • Password Credentials Flow: Used for trusted applications where the resource owner shares their credentials with the client.
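
The Authorization Code Flow from the list above, seen from the server-side client, as an added example that is not part of the original page: it builds the authorization redirect, validates the callback, and prepares the back-channel token request that carries the client secret. The endpoint URLs, client ID and secret are constructed placeholders, and the `state` check comes from the OAuth 2.0 specification rather than from this page.

```python
import base64
import hmac
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Constructed values for illustration; not from any real provider.
AUTHORIZE_URL = "https://auth.example.com/authorize"
CLIENT_ID = "demo-client"
CLIENT_SECRET = "demo-secret"  # stays on the server, never sent to a browser
REDIRECT_URI = "https://app.example.com/callback"

def build_authorization_request(scope):
    """Step 1: URL the user's browser is redirected to, plus the state to store."""
    state = secrets.token_urlsafe(32)  # ties the later callback to this session
    query = urlencode({
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": scope,
        "state": state,
    })
    return f"{AUTHORIZE_URL}?{query}", state

def handle_callback(callback_url, expected_state):
    """Step 2: validate the redirect back to the client and extract the code."""
    params = parse_qs(urlparse(callback_url).query)
    if "error" in params:
        raise ValueError(f"authorization failed: {params['error'][0]}")
    state = params.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: discard the code")
    codes = params.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one authorization code")
    return codes[0]

def build_token_request(code):
    """Step 3: server-to-server exchange; the client authenticates with its secret."""
    basic = base64.b64encode(f"{CLIENT_ID}:{CLIENT_SECRET}".encode()).decode()
    headers = {"Authorization": f"Basic {basic}",
               "Content-Type": "application/x-www-form-urlencoded"}
    body = urlencode({
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": REDIRECT_URI,  # must match the value sent in step 1
    })
    return headers, body
```

The headers and body from step 3 are what the client would POST to the authorization server's token endpoint; the user's password never reaches the client at any step.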